Infractal 2 Posted February 28, 2015

Is there a roadmap for adding TLS 1.2 support for SSL inspection? I would also like to see the following forward secrecy ciphers supported to match the Win8.1/10 schannel stack, along with the ability to configure the cipher and protocol config on clients so I can do things like disable RC4 ciphers for my enterprise clients.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

ESET Moderators Peter Randziak 948 Posted March 5, 2015

Hello,

TLS 1.2 is supported by our implementation of SSL Protocol checking. Do you have any particular issues with it with the current Internet protection module?

P.R.

Infractal 2 Posted March 6, 2015 Author

After doing a bit more digging, I am noticing that browsers are behaving differently. Qualys tests against IE11 doing SSL inspection show TLS 1.2 support, but Firefox 36 is only going up to TLS 1.1.

Is cipher customization a possibility? I'd really like to get those RC4 ciphers pulled out.

ESET Moderators Solution Peter Randziak 948 Posted March 6, 2015

Hello,

Yes, you are right; support for TLS 1.2 in Firefox will be included in Internet protection module 1181+ (not available for users yet). We will release this module gradually for users, but we do not have any time frame specified yet.

P.R.

chrcoluk 2 Posted May 18, 2015

You have ignored his question. Why can you not add cipher control to the settings?

Also support for:

HSTS hxxp://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Public Key pinning hxxp://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

Plus manual verification of certificates.

I think the HTTPS interception is messy and goes against good security practices. It's better to just make it so LiveGrid can work without live http/https interception.